swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 00:57:22 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: milkywell host

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-07-07 23:37:43 +02:00
parent 2830b98729
commit a8daed1d10
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
13 changed files with 30 additions and 30 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/README.md vendored
View file

@ -152,13 +152,13 @@ Alternatively, to install this from any NixOS live ISO, run `nix run --experimen
|💻 **nbl-imba-2** | Framework Laptop 16, AMD 7940HS, RX 7700S, 64GB RAM | Work laptop |
|💻 **nbm-imba-166** | MacBook Pro 2016 | MacOS Sandbox |
|🖥️ **winters** | ASRock J4105-ITX, 32GB RAM | Main homeserver and data storgae |
|🖥️ **sync** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks |
|🖥️ **milkywell** | Oracle Cloud: VM.Standard.E2.1.Micro | Server for lightweight synchronization tasks |
|🖥️ **moonside** | Oracle Cloud: VM.Standard.A1.Flex, 4 OCPUs, 24GB RAM| Proxy for local services, some lightweight services |
|📱 **magicant** | Samsung Galaxy Z Flip 6 | Phone |
|💿 **drugstore** | - | ISO installer configuration |
|❔ **chaotheatre** | - | Demo config for checking out my configurtion |
|❔ **toto** | - | Helper configuration for bootstrapping a new system |
|🏠 **home** | - | Reference configuration for a home-manager only host |
|🏠 **Treehouse** | - | Reference configuration for a home-manager only host |
</details>
## General Nix tips & useful links

14
.sops.yaml
View file

@ -10,7 +10,7 @@ keys:
- &toto age16vzhcvz8tyxj8e0f47fy0z4p3dsg0ak4vl52ut3l07a0tz465cxslmhevl
- &surface age1zlnxraee6tddr07xn59mx5rdexw8qxryd53eqlsajasfhfy78fkq705dfg
- &nbl age16lnmuuxfuxxtty3atnhut8wseppwnhp7rdhmxqd5tdvs9qnjffjq42sqyy
- &sync age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
- &milkywell age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
- &moonside age18quey88vge7xytclg2nuq4ncme86dg04lxwczqxczmdchnjg3p0saehsnh
creation_rules:
- path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$
@ -22,7 +22,7 @@ creation_rules:
- *toto
- *surface
- *nbl
- *sync
- *milkywell
- *moonside
- path_regex: secrets/repo/[^/]+$
key_groups:
@ -33,7 +33,7 @@ creation_rules:
- *toto
- *surface
- *nbl
- *sync
- *milkywell
- *moonside
- path_regex: secrets/certs/[^/]+\.(yaml|json|env|ini)$
key_groups:
@ -69,12 +69,12 @@ creation_rules:
- *swarsel
age:
- *nbl
- path_regex: secrets/sync/[^/]+\.(yaml|json|env|ini)$
- path_regex: secrets/milkywell/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *swarsel
age:
- *sync
- *milkywell
- path_regex: hosts/nixos/nbl-imba-2/secrets/pii.nix.enc
key_groups:
- pgp:
@ -87,12 +87,12 @@ creation_rules:
- *swarsel
age:
- *winters
- path_regex: hosts/nixos/sync/secrets/pii.nix.enc
- path_regex: hosts/nixos/milkywell/secrets/pii.nix.enc
key_groups:
- pgp:
- *swarsel
age:
- *sync
- *milkywell
- path_regex: hosts/nixos/moonside/secrets/pii.nix.enc
key_groups:
- pgp:

14
SwarselSystems.org
View file

@ -2178,7 +2178,7 @@ My server setup was originally built on Proxmox VE; back when I started, I creat
I have removed most of the machines from this section. What remains are some hosts that I have deployed on OCI (mostly sync for medium-important data) and one other machine that I left for now as a reference.
**** Milkywell (OCI)
**** MilkyWell (OCI)
:PROPERTIES:
:CUSTOM_ID: h:4c5febb0-fdf6-44c5-8d51-7ea0f8930abf
:END:
@ -2361,7 +2361,7 @@ This machine mainly acts as an external sync helper. It manages the following th
isSecureBoot = false;
isCrypted = false;
profiles = {
server.milkywell = true;
server.syncserver = true;
};
}
sharedOptions;
@ -3029,7 +3029,7 @@ This is a slim setup for developing base configuration. I do not track the hardw
#+end_src
**** drugstore (ISO installer config)
**** Drugstore (ISO installer config)
:PROPERTIES:
:CUSTOM_ID: h:8583371d-5d47-468b-84ba-210aad7e2c90
:END:
@ -3204,14 +3204,14 @@ This is a live environment ISO that I use to bootstrap new systems. It only load
#+end_src
**** Home-manager only (default non-NixOS)
**** Treehouse (home-manager only example)
:PROPERTIES:
:CUSTOM_ID: h:7056b9a0-f38b-4bca-b2ba-ab34e2d73493
:END:
This is the "reference implementation" of a setup that runs without NixOS, only relying on home-manager. I try to test this every now and then and keep it supported. However, manual steps are needed to get the system to work fully, depending on what distribution you are running on.
#+begin_src nix-ts :tangle hosts/home/default/default.nix
#+begin_src nix-ts :tangle hosts/home/treehouse/default.nix
{ self, inputs, outputs, ... }:
{
@ -16114,8 +16114,8 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
#+begin_src nix-ts :tangle profiles/nixos/syncserver/default.nix :mkdirp yes
{ lib, config, ... }:
{
options.swarselsystems.profiles.server.milkywell = lib.mkEnableOption "is this a oci milkywell server";
config = lib.mkIf config.swarselsystems.profiles.server.milkywell {
options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
config = lib.mkIf config.swarselsystems.profiles.server.syncserver {
swarselsystems = {
modules = {
general = lib.mkDefault true;

2
files/scripts/swarsel-rebuild.sh
View file

@ -83,7 +83,7 @@ if [[ $local_keys != *"${pub_arr[1]}"* ]]; then
rm modules/home/common/mail.nix
rm modules/home/common/yubikey.nix
rm modules/nixos/server/restic.nix
rm hosts/nixos/sync/default.nix
rm hosts/nixos/milkywell/default.nix
rm -rf modules/nixos/server
rm -rf modules/home/server
nix flake update vbc-nix

0
hosts/home/default/default.nix → hosts/home/treehouse/default.nix
View file

6
hosts/nixos/sync/default.nix → hosts/nixos/milkywell/default.nix
View file

@ -15,7 +15,7 @@ in
];
sops = {
defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/sync/secrets.yaml";
defaultSopsFile = lib.mkForce "/root/.dotfiles/secrets/milkywell/secrets.yaml";
};
boot = {
@ -26,7 +26,7 @@ in
networking = {
nftables.enable = lib.mkForce false;
hostName = "sync";
hostName = "milkywell";
enableIPv6 = false;
domain = "subnet03112148.vcn03112148.oraclevcn.com";
firewall = {
@ -161,7 +161,7 @@ in
isSecureBoot = false;
isCrypted = false;
profiles = {
server.sync = true;
server.syncserver = true;
};
}
sharedOptions;

0
hosts/nixos/sync/hardware-configuration.nix → hosts/nixos/milkywell/hardware-configuration.nix
View file

0
hosts/nixos/sync/secrets/pii.nix.enc → hosts/nixos/milkywell/secrets/pii.nix.enc
View file

2
modules/home/common/ssh.nix
View file

@ -22,7 +22,7 @@
hostname = "130.61.119.129";
user = "opc";
};
"sync" = {
"milkywell" = {
hostname = "193.122.53.173";
user = "root";
};

10
modules/nixos/server/syncthing.nix
View file

@ -41,7 +41,7 @@ in
"magicant" = {
id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO";
};
"sync@oracle" = {
"milkywell@oracle" = {
id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB";
};
"${workHostName}" = {
@ -56,7 +56,7 @@ in
path = "${cfg.dataDir}/Sync";
type = "receiveonly";
versioning = null;
devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
id = "default";
};
"Obsidian" = {
@ -66,7 +66,7 @@ in
type = "simple";
params.keep = "5";
};
devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
id = "yjvni-9eaa7";
};
"Org" = {
@ -76,7 +76,7 @@ in
type = "simple";
params.keep = "5";
};
devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
id = "a7xnl-zjj3d";
};
"Vpn" = {
@ -86,7 +86,7 @@ in
type = "simple";
params.keep = "5";
};
devices = [ "sync@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ];
id = "hgp9s-fyq3p";
};
# "Documents" = {

4
nix/topology.nix
View file

@ -34,7 +34,7 @@
connections = [
(mkConnection "moonside" "wan")
(mkConnection "pfsense" "wan")
(mkConnection "sync" "wan")
(mkConnection "milkywell" "wan")
(mkConnection "toto" "bootstrapper")
(mkConnection "chaostheatre" "demo host")
];
@ -42,7 +42,7 @@
chaostheatre.interfaces."demo host" = { };
toto.interfaces."bootstrapper" = { };
sync.interfaces.wan = { };
milkywell.interfaces.wan = { };
moonside.interfaces.wan = { };
pfsense = mkRouter "pfSense" {

4
profiles/nixos/syncserver/default.nix
View file

@ -1,7 +1,7 @@
{ lib, config, ... }:
{
options.swarselsystems.profiles.server.sync = lib.mkEnableOption "is this a oci sync server";
config = lib.mkIf config.swarselsystems.profiles.server.sync {
options.swarselsystems.profiles.server.syncserver = lib.mkEnableOption "is this a oci syncserver server";
config = lib.mkIf config.swarselsystems.profiles.server.syncserver {
swarselsystems = {
modules = {
general = lib.mkDefault true;

0
secrets/sync/secrets.yaml → secrets/milkywell/secrets.yaml
View file